[chef] Re: apt_package_hold or preventing version critical packages from being upgraded

[Andrea Campi < >]

I'm interested! any chance you can file a Jira and send a pull request to the apt cookbook?

I'm not that proficient with apt so let me ask you something.

If I hold a package and then try to install another one that conflicts with that one, would this stop that too? That is even more important to me.

Case in point: MongoDB packages from 10gen conflict with each other.

Trying to install two different versions would result in a ping-pong of uninstall-install-uninstall-install ad libitum… not what I want! :D

On Thu, Dec 6, 2012 at 5:35 PM, Holger Amann < " target="_blank"> > wrote:

Hey there,

in case someone is interested.. 

We have a lot of packages which are version critical like Postgres or Erlang, and package upgrades/security fixes with apt-get upgrade/dist-upgrade would lead to service restarts or incompatibilites to other parts in case a never version is available, what needs to be avoided in production.. On debian based systems this can be circumvented by doing a

echo 'packagename hold' | dpkg --set-selections

which will set a package on hold and exclude it from upgrading when doing a apt-get upgrade/dist-upgrade

e.g.

:~ # echo 'esl-erlang hold' | dpkg --set-selections
:~ # dpkg --get-selections |grep esl-erlang                                                                          
esl-erlang hold
:~ # apt-cache policy esl-erlang           
esl-erlang:
 Installed: 1:15.b.2-1~debian~squeeze
 Candidate: 1:15.b.3-1~debian~squeeze
 Version table:
    1:15.b.3-1~debian~squeeze 0
       500 http://binaries.erlang-solutions.com/debian/ squeeze/contrib amd64 Packages
*** 1:15.b.2-1~debian~squeeze 0
       500 http://binaries.erlang-solutions.com/debian/ squeeze/contrib amd64 Packages
       100 /var/lib/dpkg/status
    1:15.b.1-1~debian~squeeze 0
       500 http://binaries.erlang-solutions.com/debian/ squeeze/contrib amd64 Packages
:~ # apt-get dist-upgrade                  
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
 esl-erlang
The following packages will be upgraded:
 base-files debian-archive-keyring dpkg dpkg-dev libc-bin libc-dev-bin libc6 libc6-dev libdpkg-perl libexpat1 linux-libc-dev locales
12 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 17.6 MB of archives.
After this operation, 20.5 kB of additional disk space will be used.
Do you want to continue [Y/n]?

qed..

Because it seam's like I am the only one on earth which needs such a feature (because it's not already chef and no one cares..), I wrote a resource 'apt_package_hold' [1] to do this with chef, like

apt_package_hold "esl-erlang" do
 version node[:erlang][:version]
 action [:install, :hold]
end

Of course that only works for debian based systems, don't know if there is a similar mechanism on other platforms.

Greets
Holger Amann
Sauspiel GmbH, Berlin

[1]  https://github.com/sauspiel/chef_cookbooks/blob/master/apt/libraries/apt_package_hold.rb